16 Apr 2004, 4:50 a.m.
Kees Cook wrote:
gdb says it's from a crashed "free" which means there is probably a double-free going on, after I select any item from the drop-down. The backtrace:
From what I've seen, with gcc and glibc code, a crash on a free() or a malloc() is often the result of code writing out-of-bounds on a previously-allocated memory chunk, thus destroying the nice linked-list heap structure of the allocatable memory upon which malloc() operates. So you might want to check what the last code that used allocated memory was doing.
It is likely something else, but that is what I have often seen.
Bob
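To make the failure mode Bob describes concrete, here is an added example (not code from the original thread or from either poster): a small redzone wrapper around malloc() that places guard bytes after the caller's buffer and counts how many of them were overwritten before the block is freed. Writing past the end of the 8-byte buffer lands in the guard area instead of glibc's chunk metadata, so the overrun is reported by the check rather than surfacing later as a mysterious crash inside free(). The wrapper, the function names and the "hello world" input are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of guard bytes placed after every user buffer (constructed value). */
#define REDZONE 16
/* Fill pattern for the guard bytes; any change means an out-of-bounds write. */
#define GUARD_BYTE 0xA5

/* Header stored before the user buffer so the check can find the redzone.
 * sizeof(size_t) keeps the user pointer 8-byte aligned on common platforms. */
typedef struct {
    size_t size;
} guard_hdr_t;

/* Allocate n bytes for the caller plus a header and a trailing redzone. */
void *guarded_malloc(size_t n)
{
    unsigned char *raw = malloc(sizeof(guard_hdr_t) + n + REDZONE);
    if (raw == NULL)
        return NULL;
    ((guard_hdr_t *)raw)->size = n;
    unsigned char *user = raw + sizeof(guard_hdr_t);
    memset(user + n, GUARD_BYTE, REDZONE);   /* arm the redzone */
    return user;
}

/* Return how many redzone bytes no longer hold the guard pattern (0 = intact). */
int guarded_check(const void *p)
{
    const unsigned char *user = p;
    const guard_hdr_t *hdr = (const guard_hdr_t *)(user - sizeof(guard_hdr_t));
    int corrupted = 0;
    for (size_t i = 0; i < REDZONE; i++) {
        if (user[hdr->size + i] != GUARD_BYTE)
            corrupted++;
    }
    return corrupted;
}

/* Check the redzone, then release the block; returns the corruption count
 * so a caller (or a test) can fail loudly instead of corrupting the heap. */
int guarded_free(void *p)
{
    int corrupted = guarded_check(p);
    free((unsigned char *)p - sizeof(guard_hdr_t));
    return corrupted;
}

/* Buggy pattern: copies 12 bytes ("hello world" plus NUL) into an 8-byte
 * buffer. The 4 excess bytes hit the redzone and are reported. */
int overrun_demo(void)
{
    const char src[] = "hello world";            /* 12 bytes with NUL */
    char *buf = guarded_malloc(8);
    if (buf == NULL)
        return -1;
    memcpy(buf, src, sizeof src);                /* writes 4 bytes past buf[7] */
    return guarded_free(buf);                    /* expected: 4 */
}

/* Corrected pattern: the copy is bounded by the buffer size, so nothing
 * spills into the redzone and the check reports 0. */
int safe_demo(void)
{
    const char src[] = "hello world";
    char *buf = guarded_malloc(8);
    if (buf == NULL)
        return -1;
    snprintf(buf, 8, "%s", src);                 /* truncates to "hello w" */
    return guarded_free(buf);                    /* expected: 0 */
}

int main(void)
{
    printf("overrun: %d redzone bytes corrupted\n", overrun_demo());
    printf("bounded: %d redzone bytes corrupted\n", safe_demo());
    return 0;
}
```

In a real debugging session the same idea is available without hand-rolled code: building with AddressSanitizer (gcc/clang `-fsanitize=address`) or running under Valgrind reports the out-of-bounds write at the instruction that performs it, which is exactly the "last code that used allocated memory" Bob suggests looking at.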